On 2/15/24 14:18, Simon Horman wrote:
> On Tue, Feb 13, 2024 at 08:44:41PM +0100, Ilya Maximets wrote:
>> The output file of this openssl command is a certificate signed with
>> pre-existing private key. It doesn't create a private key. The
>> restricted permissions are explicitly removed from the resulted
>> certificate right after its generation. So, there is no point in
>> creating it with restricted permissions in the first place.
>>
>> Fixes: 99e5e05db37a ("ovs-pki: Create private keys with restricted
>> permissions.")
>> Signed-off-by: Ilya Maximets <[email protected]>
>
> Hi Ilya,
>
> I'm fine with this change, and agree with the explanation provided.
> However, it is not clear to me that this is a fix, for which
> my working definition is a user-visible problem, usually at run-time.
Makes sense. The Fixes tag here is more for the demonstration of the
original intent of the code, i.e. highlighting that it doesn't do what
it was meant to do. We could backport it, but I agree that it is not
needed, so I won't.
>
> That notwithstanding, feel free to add.
>
> Acked-by: Simon Horman <[email protected]>
Thanks, Mike and Simon! Applied.
Best regards, Ilya Maximets.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
